Multiple vulnerabilities have been found in libgadu, the worst of which may result in execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 201508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libgadu: Multiple vulnerabilities
      Date: August 15, 2015
      Bugs: #490238, #505558, #510714
        ID: 201508-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in libgadu, the worst of which
may result in execution of arbitrary code.

Background
==========

libgadu is a library that implements the client side of the Gadu-Gadu
protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/libgadu            < 1.12.0                   >= 1.12.0

Description
===========

libgadu contains multiple vulnerabilities:

* X.509 certificates are not properly validated (CVE-2013-4488)
* An integer overflow error could lead to a buffer overflow
  (CVE-2013-6487)
* Malformed responses from a Gadu-Gadu file relay server are not
  properly handled (CVE-2014-3775)

Impact
======

A remote attacker may be able to execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or spoof
servers.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libgadu users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libgadu-1.12.0"

References
==========

[ 1 ] CVE-2013-4488
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4488
[ 2 ] CVE-2013-6487
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6487
[ 3 ] CVE-2014-3775
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3775

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201508-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2935-1
libgadu could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-2215-1
May 21, 2014

libgadu vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.04 LTS

Summary:

libgadu could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- libgadu: Gadu-Gadu protocol library

Details:

It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a man in the middle
could use this issue to cause applications using libgadu to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libgadu3                        1:1.11.2-1ubuntu1.2

Ubuntu 12.04 LTS:
  libgadu3                        1:1.11.1-1ubuntu0.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2215-1
  CVE-2014-3775

Package Information:
  https://launchpad.net/ubuntu/+source/libgadu/1:1.11.2-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/libgadu/1:1.11.2-1ubuntu0.2

A malicious file relay server, or a man in the middle on the path to one, can crash any application using libgadu and may be able to execute code in it. Users should apply the updated packages promptly using the instructions above and restart their session afterwards.

Libgadu Vulnerability, Ubuntu Advisory, Denial of Service.

Severity: Important.

LinuxSecurity.com Team
libgadu could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-2101-1
February 10, 2014

libgadu vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

libgadu could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- libgadu: Gadu-Gadu protocol library

Details:

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled
certain Gadu-Gadu HTTP messages. A malicious remote server or a man in
the middle could use this issue to cause applications using libgadu to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libgadu3                        1:1.11.2-1ubuntu1.1

Ubuntu 12.10:
  libgadu3                        1:1.11.2-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  libgadu3                        1:1.11.1-1ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2101-1
  CVE-2013-6487

Package Information:
  https://launchpad.net/ubuntu/+source/libgadu/1:1.11.2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/libgadu/1:1.11.2-1ubuntu0.12.10.1
  https://launchpad.net/ubuntu/+source/libgadu/1:1.11.1-1ubuntu0.1

Ubuntu Security Notice USN-2101-1 addresses an integer overflow in libgadu's handling of Gadu-Gadu HTTP messages (CVE-2013-6487) that a malicious server or man in the middle can use to crash applications linked against the library or possibly execute arbitrary code in them.

Libgadu Vulnerability, Ubuntu Security Update, Network Crash Exploit.

Severity: Critical.

LinuxSecurity.com Team
Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2852-1
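The class of bug behind CVE-2013-6487, an integer overflow that turns into a heap buffer overflow while handling an HTTP-style message, is described in the GLSA, USN-2101-1 and DSA-2852-1 entries above but none of them shows the arithmetic. The C below is an added example written for this page; it is not libgadu's code and does not claim to reproduce the faulty function. The Content-Length handling, the MAX_BODY cap, the sample responses and every function name are assumptions standing in for the "certain Gadu-Gadu HTTP messages" the notices mention. It puts the vulnerable length arithmetic next to a hardened version and reports what each would do with a negative, an oversized and a sane length.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on how much of a response body a client will buffer.
 * Whether libgadu has such a limit is not stated on this page. */
#define MAX_BODY 1048576UL

/* What the receive path derives from the header: bytes it will accept from
 * the socket, and bytes it allocates to hold them (plus a terminating NUL). */
struct body_plan {
    unsigned long alloc;
    unsigned long to_read;
};

/* Constructed sample responses, as a malicious server or a man in the middle
 * could send them. They are not captured Gadu-Gadu traffic. */
const char RESP_NEGATIVE[] = "HTTP/1.0 200 OK\r\nContent-Length: -1\r\n\r\n";
const char RESP_HUGE[]     = "HTTP/1.0 200 OK\r\nContent-Length: 18446744073709551615\r\n\r\n";
const char RESP_OK[]       = "HTTP/1.0 200 OK\r\nContent-Length: 512\r\n\r\n";

/* Pointer to the text after "Content-Length:", or NULL if the header is
 * absent. Case-sensitive on purpose; this is a demonstration, not a parser. */
static const char *find_content_length(const char *response)
{
    static const char key[] = "\r\nContent-Length:";
    const char *p = strstr(response, key);
    return p ? p + (sizeof key - 1) : NULL;
}

/* VULNERABLE pattern: the parsed length is trusted as-is. strtoul() accepts
 * a leading '-' and negates, so "-1" becomes ULONG_MAX with no error, and
 * ULONG_MAX + 1 wraps to 0: a zero-byte buffer paired with an unbounded read. */
static struct body_plan plan_body_vulnerable(const char *value)
{
    struct body_plan p;
    unsigned long len = strtoul(value, NULL, 10);
    p.to_read = len;
    p.alloc = len + 1;          /* wraps to 0 when len == ULONG_MAX */
    return p;
}

/* HARDENED: digits only, overflow detected via errno, explicit upper bound so
 * len + 1 cannot wrap. Returns 1 and fills *out if acceptable, else 0. */
static int plan_body_hardened(const char *value, struct body_plan *out)
{
    const char *s = value;
    char *end;
    unsigned long len;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s < '0' || *s > '9')               /* rejects "-1", "+1", "" */
        return 0;
    errno = 0;
    len = strtoul(s, &end, 10);
    if (errno == ERANGE)                    /* did not fit in unsigned long */
        return 0;
    if (*end != '\r' && *end != '\n' && *end != '\0')
        return 0;                           /* trailing junk */
    if (len > MAX_BODY)
        return 0;
    out->to_read = len;
    out->alloc = len + 1;
    return 1;
}

/* Would copying min(to_read, wire_len) bytes plus a NUL into alloc bytes
 * write past the allocation? */
static int plan_overflows(struct body_plan p, unsigned long wire_len)
{
    unsigned long n = p.to_read < wire_len ? p.to_read : wire_len;
    return p.alloc == 0 || n >= p.alloc;
}

/* Vulnerable consumer: 1 if the body copy would overflow its heap buffer. */
int vulnerable_response_overflows(const char *response, unsigned long wire_len)
{
    const char *v = find_content_length(response);
    return v ? plan_overflows(plan_body_vulnerable(v), wire_len) : 0;
}

/* Hardened consumer: -1 if the response is rejected before any allocation,
 * otherwise 0/1 as above. */
int hardened_response_overflows(const char *response, unsigned long wire_len)
{
    struct body_plan p;
    const char *v = find_content_length(response);
    if (v == NULL || !plan_body_hardened(v, &p))
        return -1;
    return plan_overflows(p, wire_len);
}

/* Allocation size the vulnerable path would hand to malloc(). */
unsigned long vulnerable_alloc_size(const char *response)
{
    const char *v = find_content_length(response);
    return v ? plan_body_vulnerable(v).alloc : 0;
}

int main(void)
{
    const char *samples[] = { RESP_NEGATIVE, RESP_HUGE, RESP_OK };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("vulnerable: alloc=%lu overflow=%d | hardened: %d\n",
               vulnerable_alloc_size(samples[i]),
               vulnerable_response_overflows(samples[i], 4096),
               hardened_response_overflows(samples[i], 4096));
    return 0;
}
```

Build with `cc -Wall -Wextra -o cl_demo cl_demo.c`. The point to take away is that the hardened version bounds the value before doing any arithmetic on it, rather than trying to detect the wrap afterwards, and that it refuses a leading sign instead of relying on strtoul() to do so.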
New kdenetwork packages are available for Slackware 10.0, 10.1, and -current to fix security issues. Overflows in libgadu (used by kopete) that can cause a denial of service or arbitrary code execution. More details about this vulnerability may be found here:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  kdenetwork (SSA:2005-203-02)

New kdenetwork packages are available for Slackware 10.0, 10.1, and -current
to fix security issues. Overflows in libgadu (used by kopete) that can cause
a denial of service or arbitrary code execution. More details about this
vulnerability may be found here:

  https://kde.org/info/security/advisory-20050721-1.txt

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/kdenetwork-3.3.2-i486-2.tgz:
  Patched overflows in libgadu (used by kopete) that can cause a denial of
  service or arbitrary code execution.
  For more information, see:
    https://kde.org/info/security/advisory-20050721-1.txt
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdenetwork-3.2.3-i486-2.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdenetwork-3.3.2-i486-2.tgz

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 10.0 package:
762d2d871cf71af4f0c3d2d34e4d4578  kdenetwork-3.2.3-i486-2.tgz

Slackware 10.1 package:
3a80c2d6f891d5592bd25e1ba2bbae96  kdenetwork-3.3.2-i486-2.tgz

Slackware -current package:
a5a3ef3a86735d31b9fda746161d12f3  kdenetwork-3.4.1-i486-2.tgz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kdenetwork-3.3.2-i486-2.tgz

+-----+
Updated kdenetwork packages for Slackware 10.0, 10.1 and -current fix overflows in the bundled libgadu (used by kopete) that could lead to denial of service or arbitrary code execution.

kdenetwork packages, Slackware, security advisory.

LinuxSecurity.com Team